ModSecurity Blog

Now you can analyse cookies using new selective filtering variables (COOKIE_name, COOKIE_NAMES, COOKIE_VALUES). Even before this change it was possible to look at cookies (as cookies are just HTTP headers) but the functionality was limited. ModSecurity now parses cookies for you.

Let's say you wanted to prevent XSS attacks via the PHP session cookie; this filter would make sure the cookie is in order:

SecFilterSelective COOKIE_PHPSESSID "^[0-9a-z]+$"

COOKIE_NAMES and COOKIE_VALUES will examine all cookie names and values, respectively.